Beruflich Dokumente
Kultur Dokumente
2
Copyright Pearson Prentice-Hall 2010
Ô Cryptography is the use of mathematical
operations to protect messages traveling between
parties or stored on a computer
???
5
Copyright Pearson Prentice-Hall 2010
Sy etric
ey
a es ropper
Cannot Rea
Messages in
Plaintext: Cipher & Ciphertext: 11010100 Ciphertext
"Hello" ey
Net or Sa e
Sy etric
ey
Note:
single ey is se to encrypt an ecrypt
in oth irections
Party B
6
Copyright Pearson Prentice-Hall 2010
Y
n 4 r
o 8 w
w 15 l
i 1 «
s 23 «
t 1 «
+4 h 3 «
e 9 «
n o p q r t 12 «
i 20 «
m «
ahis is a very weak cipher
e 25 «
eal ciphers use complex math
7
Copyright Pearson Prentice-Hall 2010
Ô ubstitution Ciphers
Ń ubstitute one letter (or bit) for another in each place
Ń ahe cipher we saw in Figure 3-2 is a substitution cipher
Ô aransposition Ciphers
Ń aransposition ciphers do not change individual letters or
bits, but they change their order
Y
n o w
i s t
h e t
Key = 132 231
1
Copyright Pearson Prentice-Hall 2010
Key Length 0 bits or 112 or 18 128, 192, or
(bits) more 2
Key trength Very weak at Weak trong trong
0 bits
Processing Low 0oderate High Low
equirements
A0 Low 0oderate 0oderate Low
equirements
emarks Can uses Created in Applies aoday¶s gold
keys of the 190s DE three standard for
variable times with symmetric
length two or three key
different encryption
DE keys
1
Copyright Pearson Prentice-Hall 2010
- it D y etric ey
5 its re n ant its
- it Plainte t lock
15
Copyright Pearson Prentice-Hall 2010
Ô Cryptographic ystems
Ń Encryption for confidentiality is only one cryptographic
protection
Ń Individual users and corporations cannot be expected to
master these many aspects of cryptography
Ń Consequently, crypto protections are organized into
complete cryptographic systems that provide a broad set
of cryptographic protection
6
Copyright Pearson Prentice-Hall 2010
Ô Cryptographic ystems
1 awo parties first agree upon a particular cryptographic
system to use
2 Each cryptographic system dialogue begins with three
brief hand-shaking stages
3 ahe two parties then engage in cryptographically
protected communication
½ ahis ongoing communication stage usually constitutes nearly
all of the dialogue
7
Copyright Pearson Prentice-Hall 2010
Handsha ing tage 1
Initial egotiation of ecurity Para eters
1
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication
21
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication
2
Copyright Pearson Prentice-Hall 2010
Ô
Ń A hashing algorithm is applied to a bit string of any length
Ń ahe result of the calculation is called the hash
Ń For a given hashing algorithm, all hashes are the same
short length
à5
Copyright Pearson Prentice-Hall 2010
Ô
"#
Ń 0D (128-bit hashes)
Ń HA-1 (10-bit hashes)
Ń HA-224, HA-2, HA-384, and HA-12 (name
gives hash length in bits)
Ń ote 0D and HA-1 should not be used because have
been shown to be unsecure
2
Copyright Pearson Prentice-Hall 2010
27
Copyright Pearson Prentice-Hall 2009
2010
upplicant sends esponse 0essage in the clear
(without encryption)
2
Copyright Pearson Prentice-Hall 2010
2
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication
Party
Party B
2. ncrypts
Session ey ith . Sen s the Sy etric . ecrypts
Party B's P lic ey Session ey ncrypte Session ey ith
or Con i entiality Party B's Pri ate ey
Party X 4 Party
Co putes E change Keying Infor ation Co putes
=g^ od p E change and y y =g^y od p
E change is in the clear
5 5
Party X Party
Co putes Key Co putes Key
=y ^ od p = ^y od p
=g^( y) od p =g^( y) od p
ubsequent Encryption ith
y etric ession Key g^( y) od p
7
Copyright Pearson Prentice-Hall 2010
o Create the Digital ignat re Plainte t
S Plainte t
0
Copyright Pearson Prentice-Hall 2010
Encryption Goal ender Encrypts eceiver
with Decrypts with
Public Key ahe receiver¶s ahe receiver¶s
Encryption for public key private key
Confidentiality
Public Key ahe sender¶s ahe arue Party¶s
Encryption for private key public key
Authentication (not the sender¶s
public key)
Point of frequent
confusion
1
Copyright Pearson Prentice-Hall 2010
Ô Cannot use the sender¶s public key
Ń It would Ëvalidate´ the sender¶s digital signature
à
Copyright Pearson Prentice-Hall 2010
Field Description
Version Version number of theerial number
X09 allows the
standard receiver
0ost to
certificates
umber check if the
follow Version
Different digital certificate
versions has been
have different fields
revoked
ahis figure reflects the Version by the CA
standard
Copyright Pearson Prentice-Hall 2010
Ô a
Ń ahe digital certificate has a digital signature of its own
Ń igned with the Certificate Authority¶s (CA¶s) private key
Ń 0ust be tested with the CA¶s well-known public key
Ń If the test works, the certificate is authentic and
unmodified
5
Copyright Pearson Prentice-Hall 2010
Ô !$
% &
Y"&
Ń Certificate is valid only during the valid period in the
digital certificate (not shown in the figure)
Ń If the current time is not within the valid period, reject the
digital certificate
6
Copyright Pearson Prentice-Hall 2010
Ô !$
'"
"!"
Ń Certificates may be revoked for improper behavior or
other reasons
Ń evocation must be tested
Ń Cannot be done by looking at fields within the certificate
Ń eceiver must check with the CA
7
Copyright Pearson Prentice-Hall 2010
Ô !$
'"
"!"
Ń Verifier may download the entire certificate revocation list
from the CA
½ ee if the serial number is on the certificate
revocation list
½ If so, do not accept the certificate
Ń r, the verifier may send a query to the CA
½ equires the CA to support the nline Certificate
tatus Protocol
Copyright Pearson Prentice-Hall 2010
Certi icate thority
thentication
5
Copyright Pearson Prentice-Hall 2010
51
Copyright Pearson Prentice-Hall 2010
As in the case of digital signatures, confidentiality is
done to protect the plaintext
It is not needed for authentication and has nothing to
do with authentication
52
Copyright Pearson Prentice-Hall 2010
5
55
Copyright Pearson Prentice-Hall 2010
Ô
!$
Ń Capture and then retransmit an encrypted message later
Ń 0ay have a desired effect
Ń Even if the attacker cannot read the message
56
Copyright Pearson Prentice-Hall 2010
Ô a(
!$
Ń aime stamps to ensure freshness of each message
Ń equence numbers so that repeated messages can be
detected
Ń onces
½ Unique randomly generated number placed in each
request message
½ eflected in the response message
½ If a request arrives with a previously used nonce, it is
rejected
57
Copyright Pearson Prentice-Hall 2010
Ô #
)!!
Ń Describes the behavior of fundamental particles
Ń Complex and even weird results
5
Copyright Pearson Prentice-Hall 2010
Ô #
* "
Ń aransmits a very long key²as long as the message
Ń ahis is a one-time key that will not be used again
Ń A one-time key as long as a message cannot be cracked
by cryptanalysis
Ń If an interceptor reads part of the key in transit, this will
be immediately apparent to the sender and receiver
5
Copyright Pearson Prentice-Hall 2010
Ô #
!$
Ń aests many keys simultaneously
Ń If quantum key cracking becomes capable of working
on long keys, today¶s strong key lengths will offer no
protection
6
Copyright Pearson Prentice-Hall 2010
"'& !"
##!
Applicable ender ot applicable
!
" encrypts with key
shared with the
receiver